You'd setup a group policy with the appropriate firewall rules to apply to it and apply it to that VLAN on the MX. Whether you want to connect the cable directly to the MX or trunk it to your switch and put an access port there is more a physical design consideration. It only being on the MX does provide a slight bit more security as you can prevent the VLAN from existing on the switches. No matter what the vlan does have to have it's gateway be on the MX for this to work properly. It can't be a static route to a L3 switch for example. Group Policy info: https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying_Group_Policies
... View more
